
Users of X (formerly known as Twitter) are being urged to exercise caution as a new wave of cyberattacks is making the rounds, using a sophisticated method that bypasses traditional malvertising protections. The attack vector? X’s very own AI chatbot, GROK.
According to cybersecurity researchers at Guardio Labs, malicious actors have discovered a way to manipulate GROK into unintentionally aiding in the distribution of harmful software. This technique, now being referred to as “Grokking,” leverages the AI assistant’s capabilities to deliver responses that include links or information leading users to malicious websites or downloads.
While the name and delivery mechanism might seem novel, the underlying method is not entirely new. Researchers from Cisco Talos have pointed out that similar tactics have been used in the past—particularly in cryptocurrency scams and fraudulent promotional schemes. In those instances, cybercriminals often hijacked trending topics or impersonated high-profile figures, including former U.S. President Barack Obama, to lend credibility to their scams and maximize reach.
What makes this latest campaign particularly concerning is the use of AI as a trusted intermediary. By manipulating GROK into participating—albeit unknowingly—in their schemes, attackers are able to bypass many conventional ad and link scanning protections, allowing them to reach potentially millions of users without triggering immediate red flags.
What Is Malvertising?
Malvertising, or malicious advertising, refers to the use of online ads to spread malware. Typically, cybercriminals create seemingly legitimate ads that, when clicked, redirect users to harmful websites or directly initiate the download of malicious software. Platforms like X implement layers of protection to guard users against such threats. However, with AI now playing a role in content distribution, attackers are finding creative ways to sidestep these defenses.
Why GROK?
GROK is designed to provide conversational assistance and context-aware responses based on real-time platform data. Its integration with a vast user base makes it a tempting target for exploitation. If users trust the information shared by GROK without question, they may unwittingly follow dangerous links or download malware-laden content.
What Can Users Do?
Cybersecurity experts recommend the following precautions:
Verify Links: Always double-check URLs before clicking. AI-generated links should be treated with the same caution as user-generated content.
Stay Updated: Keep your browser, antivirus software, and system security tools updated to the latest versions.
Be Skeptical: If something seems too good to be true—especially promotions or crypto offers—it probably is.
Report Suspicious Activity: If you come across strange responses from GROK or other automated tools on X, report them to the platform immediately.














